Open to new opportunities

Senior DevOps Engineer

9 years designing, automating, and operating production-grade cloud platforms on AWS and Azure. I build the infrastructure that makes delivery fast, reliable, and observable — and then automate everything so it stays that way.

At a glance
Experience: 9 years
Current role: Scottish Govt · SPM
Cloud platforms: AWS · Azure
Infra cost saved: ~20%
IaC coverage: 95%
CI/CD automation: 90%
Observability: 88%
What I bring
Core capabilities
☁️
Cloud Infrastructure
Production-grade AWS & Azure environments built with Terraform, CloudFormation, and Bicep. Multi-AZ, auto-scaling, and ~20% cost optimised.
🔄
CI/CD Engineering
End-to-end pipelines with Jenkins, GitHub Actions, GitLab CI. Build → test → containerise → deploy with zero manual steps in production.
🐳
Containers & Orchestration
Docker and Kubernetes at scale — Helm charts, Ingress, HPA, RBAC across dev, staging, and prod. Formerly kubeadm clusters, now EKS.
📊
Observability
Prometheus + Grafana + CloudWatch stacks. SLO tracking, alerting runbooks, and incident dashboards that actually surface the right signal.
🔐
Security & Compliance
GDPR-aligned cloud security: IAM least-privilege, KMS encryption, Secrets Manager, CloudTrail audit trails, and zero-trust network design.
🤖
Automation & SRE
Python & Ansible automation frameworks. Idempotent playbooks, webhook pipelines, and Slack self-service workflows to kill toil at source.
Certifications
🏅
AWS Certified Cloud Practitioner
Amazon Web Services · February 2025
🏅
Terraform Associate
Mphasis · December 2024
Career history
9 years of impact

From project engineer to senior DevOps lead — building platforms that ship faster, fail less, and cost less to run.

Jul 2022 – Present · 3+ years
Senior DevOps Engineer
Mphasis · Scottish Government (SPM)
  • Architected production-grade AWS infrastructure with Terraform — modular IaC for VPCs, EC2, ALB/NLB, ASGs, RDS, S3, IAM, KMS, and Secrets Manager across multiple environments
  • Led a DevOps team of 3, mentoring engineers, assigning work, and driving delivery cadence to reduce incident time
  • Engineered end-to-end CI/CD pipelines with Jenkins, Docker, and Kubernetes across dev, non-prod, and production environments
  • Achieved approximately 20% infrastructure cost reduction through resource right-sizing and Auto Scaling optimisation
  • Implemented Prometheus/Grafana monitoring across all platforms; introduced Slack-based self-service workflows for common support requests
  • Established GDPR-aligned cloud security: role-based access, KMS encryption, secrets handling, and full audit trails via CloudTrail
  • Created and maintained comprehensive runbooks, IaC standards, and troubleshooting procedures on Confluence
Jan 2021 – Jul 2022 · 1.5 years
Senior DevOps Engineer
Mphasis HP · Sirius Dev Environment
  • Owned build, release, and monitoring processes for Sirius firmware in Agile environments
  • Designed and maintained multi-branch CI/CD pipelines using Jenkins, Docker, and Kubernetes for repeatable, safer releases
  • Implemented IaC with Terraform across AWS and Azure, improving scalability and disaster recovery capabilities
  • Led migration of legacy applications to Kubernetes, improving observability and rerun orchestration
  • Developed automation frameworks using Shell, Python, Ruby, and Ansible for multi-cloud environment provisioning
  • Managed artifact versioning and release with Jenkins and Nexus; applied Power Platform ALM practices
  • Mentored junior engineers on DevOps best practices and incident runbook adoption
Aug 2018 – Jan 2021 · 2.5 years
DevOps Engineer
ThinkPalm Technologies · RADview
  • Migrated RADview from legacy architecture to CI/CD using Docker, Ansible, Kubernetes, and Helm
  • Configured and maintained Kubernetes clusters (COE) with Helm charts for production environments
  • Implemented Prometheus/Grafana monitoring and automated alerting integration
  • Acted as release engineer for RADview migrations and production rollouts, handling environment consistency and rollback planning
Jul 2016 – Aug 2018 · 2 years
Project Engineer
Wipro Technologies · Microfocus Cloudassessment
  • Established CI/CD using Jenkins and Docker for Microfocus Cloudassessment and Enterprise Maps
  • Built test automation from scratch with Jenkins and Selenium to improve release quality
  • Owned release responsibilities: packaging, environment coordination, and delivery management
Technical competencies
The full stack

Deep expertise across cloud, infrastructure, containers, automation, security, and observability. Expert = daily-use, production-proven.

☁️ Cloud Platforms
AWS · Azure · EC2 · EKS · S3 · RDS · VPC · ALB / NLB · Route 53 · CloudFront · Azure AKS · Azure AD
🏗️ Infrastructure as Code
Terraform · Ansible · CloudFormation · Bicep · Helm · Kustomize
🔄 CI/CD & DevOps
Jenkins · GitHub Actions · GitLab CI · Azure DevOps · AWS CodePipeline · Power Platform ALM
🐳 Containers & Orchestration
Docker · Kubernetes · EKS · Helm · NGINX Ingress · HPA · RBAC
📊 Monitoring & Observability
Prometheus · Grafana · CloudWatch · Azure Monitor · Kibana · ELK Stack
🔐 Security & Governance
IAM · KMS · Secrets Manager · SSM · CloudTrail · Key Vault · GDPR · RBAC
💻 Scripting & Languages
Python · Bash / Shell · Groovy · Ruby · YAML · HCL
🗄️ Data, Messaging & More
Athena · Glue · Redshift · RDS · SNS · SQS · Nexus · Git · Jira · Confluence
This very website
How it's built & hosted

The infrastructure behind this portfolio is the portfolio. Every component was provisioned with Terraform, deployed via Jenkins, and secured with AWS-native controls — all on the free tier.

AWS Architecture — EC2 + Docker Compose + ALB + S3 (Free Tier)
[Architecture diagram] AWS VPC, eu-west-2 (London). Components shown:
  • 🌐 User / Browser; Route 53 (DNS · yourdomain.com); CloudFront (CDN + ACM TLS); ALB (Load Balancer :443)
  • EC2 t2.micro (Free Tier), Docker Compose on a single host: Nginx (reverse proxy :80/:443); Frontend (React · Docker :3000); Backend API (Node.js · Docker :5000)
  • Security Group: ports 22, 80, 443, 3000, 5000
  • Jenkins: EC2 t2.micro · CI/CD
  • AWS Services: S3 (Assets + Logs); SES (Contact Email); CloudWatch (Metrics); IAM (Roles + Policies); ECR (Docker Images); KMS + Secrets Mgr
Terraform module structure
    # terraform/
    ├── modules/
    │   ├── vpc/        # VPC, public/private subnets, IGW, NAT gateway, route tables
    │   ├── ec2/        # EC2 t2.micro, security groups, key pair, Elastic IP
    │   ├── alb/        # Application Load Balancer, listeners, target groups
    │   ├── s3/         # S3 buckets (assets, logs, terraform state), lifecycle rules
    │   ├── iam/        # IAM roles, instance profiles, least-privilege policies
    │   ├── kms/        # KMS keys, aliases, key rotation policy
    │   ├── ses/        # SES domain identity, DKIM records, sending limits
    │   ├── ecr/        # ECR repository, image scan on push, lifecycle policy
    │   └── route53/    # Hosted zone, A record, ACM certificate + validation
    ├── environments/
    │   ├── dev/        # terraform.tfvars for dev
    │   └── prod/       # terraform.tfvars for production
    ├── main.tf         # Root module — wires all modules together
    ├── variables.tf    # Input variable declarations
    ├── outputs.tf      # EC2 IP, ALB DNS, S3 bucket names
    └── backend.tf      # Remote state in S3 + DynamoDB state lock
modules/ec2/main.tf — EC2 instance (free tier)
    resource "aws_instance" "portfolio" {
      ami                    = var.ami_id   # Amazon Linux 2023
      instance_type          = "t2.micro"   # Free tier eligible
      key_name               = aws_key_pair.deploy.key_name
      iam_instance_profile   = aws_iam_instance_profile.ec2.name
      vpc_security_group_ids = [aws_security_group.portfolio.id]
      subnet_id              = var.public_subnet_id

      # First-boot script: installs Docker, git and docker-compose.
      # The heredoc terminator has to sit on its own line, before the closing parenthesis.
      # Note: the compose binary comes from the unpinned "latest" release and is not checksum-verified.
      user_data = base64encode(<<-EOF
        #!/bin/bash
        yum update -y
        yum install -y docker git
        systemctl enable --now docker
        curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 \
          -o /usr/local/bin/docker-compose
        chmod +x /usr/local/bin/docker-compose
        EOF
      )

      tags = { Name = "sarath-portfolio", Env = var.environment }
    }

    # Static public IP attached to the instance
    resource "aws_eip" "portfolio" {
      instance = aws_instance.portfolio.id
      domain   = "vpc"
    }
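The user_data script above fetches docker-compose from the `latest` release URL and marks it executable without checking what was downloaded. A pinned, checksum-verified form of that step follows as an added example, not the site's own bootstrap code; `COMPOSE_VERSION` and `COMPOSE_SHA256` are placeholders to fill in from the release being pinned, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not the site's own bootstrap script.
# COMPOSE_VERSION and COMPOSE_SHA256 are placeholders: set them to the release
# tag being pinned and the SHA-256 published for that asset.
COMPOSE_VERSION="${COMPOSE_VERSION:-vX.Y.Z}"
COMPOSE_SHA256="${COMPOSE_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}"

# Print the lowercase hex SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Installs SRC at DEST (mode 0755) only when its digest matches.
# Returns 1 and leaves DEST untouched on a mismatch or a malformed digest.
install_verified() {
  iv_src=$1; iv_want=$2; iv_dest=$3
  # Reject anything that is not exactly 64 hex characters.
  case "$iv_want" in
    ""|*[!0-9a-fA-F]*) echo "malformed expected digest" >&2; return 1 ;;
  esac
  [ "${#iv_want}" -eq 64 ] || { echo "malformed expected digest" >&2; return 1; }
  iv_want=$(printf '%s' "$iv_want" | tr 'A-F' 'a-f')
  iv_got=$(sha256_of "$iv_src") || return 1
  if [ "$iv_got" != "$iv_want" ]; then
    echo "checksum mismatch for $iv_src: got $iv_got" >&2
    return 1
  fi
  cp "$iv_src" "$iv_dest" && chmod 0755 "$iv_dest"
}

# Network step as it would run in user_data: download to a temp file, verify, install.
fetch_and_install_compose() {
  fc_tmp=$(mktemp) || return 1
  fc_url="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-linux-x86_64"
  fc_rc=0
  curl -fsSL "$fc_url" -o "$fc_tmp" &&
    install_verified "$fc_tmp" "$COMPOSE_SHA256" /usr/local/bin/docker-compose || fc_rc=1
  rm -f "$fc_tmp"
  return "$fc_rc"
}
```

Because the binary is written to a temporary file first, a failed check never leaves a half-trusted executable on the instance's PATH.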
Automation pipeline
How code ships

Every push to main triggers a fully automated Jenkins pipeline — code quality checks, Docker build, ECR push, and SSH deploy to EC2. Zero manual steps after git push.

Jenkins pipeline — Git push to live in under 5 minutes
  • 📦 Git Push: GitHub · main
  • 🔍 Lint & Quality: ESLint · SonarQube
  • 🧪 Unit Tests: Jest · coverage
  • 🐳 Docker Build: Multi-stage
  • 🛡️ Image Scan: Trivy · CVE
  • 📤 Push ECR: SHA + latest tag
  • 🚀 SSH Deploy: Docker Compose up
Jenkinsfile — declarative pipeline
    pipeline {
      agent any

      environment {
        ECR_REPO  = '<account-id>.dkr.ecr.eu-west-2.amazonaws.com/sarath-portfolio'
        IMAGE_TAG = "${env.GIT_COMMIT[0..7]}"     // first 8 characters of the commit SHA
        EC2_HOST  = credentials('ec2-host')       // from the Jenkins credentials store
        SSH_KEY   = credentials('ec2-ssh-key')
      }

      stages {
        stage('Checkout') {
          steps { checkout scm }
        }

        stage('Lint & Quality') {
          steps {
            sh 'npm ci --prefix frontend'
            sh 'npm run lint --prefix frontend'
          }
        }

        stage('Unit Tests') {
          steps {
            // --prefix is an npm option, so it goes before "--"; everything after "--" is passed to the test runner
            sh 'npm test --prefix frontend -- --coverage --watchAll=false'
          }
          post { always { junit 'frontend/coverage/junit.xml' } }
        }

        stage('Docker Build') {
          steps {
            sh 'docker build -t $ECR_REPO/frontend:$IMAGE_TAG ./frontend'
            sh 'docker build -t $ECR_REPO/backend:$IMAGE_TAG ./backend'
          }
        }

        stage('Security Scan') {
          steps {
            // --exit-code 1 fails the build when a HIGH or CRITICAL finding is reported
            sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL $ECR_REPO/frontend:$IMAGE_TAG'
            sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL $ECR_REPO/backend:$IMAGE_TAG'
          }
        }

        stage('Push to ECR') {
          steps {
            sh '''
              aws ecr get-login-password --region eu-west-2 | \
                docker login --username AWS --password-stdin $ECR_REPO
              docker push $ECR_REPO/frontend:$IMAGE_TAG
              docker push $ECR_REPO/backend:$IMAGE_TAG
              docker tag $ECR_REPO/frontend:$IMAGE_TAG $ECR_REPO/frontend:latest
              docker tag $ECR_REPO/backend:$IMAGE_TAG $ECR_REPO/backend:latest
              docker push $ECR_REPO/frontend:latest
              docker push $ECR_REPO/backend:latest
            '''
          }
        }

        stage('Deploy to EC2') {
          steps {
            // StrictHostKeyChecking=no accepts any host key, so the deploy target is not authenticated;
            // pinning the EC2 host key in a known_hosts file closes that gap.
            sh '''
              ssh -i $SSH_KEY -o StrictHostKeyChecking=no ec2-user@$EC2_HOST \
                "cd /app && \
                 aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin $ECR_REPO && \
                 IMAGE_TAG=$IMAGE_TAG docker-compose pull && \
                 IMAGE_TAG=$IMAGE_TAG docker-compose up -d --remove-orphans"
            '''
          }
        }
      }

      post {
        success {
          slackSend color: 'good', message: "✅ Portfolio deployed: $IMAGE_TAG | ${env.BUILD_URL}"
        }
        failure {
          slackSend color: 'danger', message: "❌ Pipeline failed at stage ${env.STAGE_NAME} | ${env.BUILD_URL}"
        }
      }
    }
docker-compose.yml — production on EC2
    version: '3.9'
    services:
      nginx:
        image: nginx:alpine
        ports: ["80:80", "443:443"]
        volumes:
          - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
          - ./nginx/certs:/etc/nginx/certs:ro
        depends_on: [frontend, backend]
        restart: unless-stopped
      frontend:
        image: ${ECR_REPO}/frontend:${IMAGE_TAG}
        expose: ["3000"]
        environment:
          - REACT_APP_API_URL=https://yourdomain.com/api
        restart: unless-stopped
      backend:
        image: ${ECR_REPO}/backend:${IMAGE_TAG}
        expose: ["5000"]
        environment:
          - AWS_REGION=eu-west-2
          - SES_FROM_EMAIL=your@email.com
          - SES_TO_EMAIL=your@email.com
        restart: unless-stopped
frontend/Dockerfile — multi-stage build
    # Stage 1: build
    FROM node:20-alpine AS builder
    WORKDIR /app
    COPY package*.json ./
    RUN npm ci --production=false
    COPY . .
    RUN npm run build

    # Stage 2: serve with nginx
    FROM nginx:alpine
    COPY --from=builder /app/build /usr/share/nginx/html
    COPY nginx.conf /etc/nginx/conf.d/default.conf
    EXPOSE 3000
    CMD ["nginx", "-g", "daemon off;"]
Get in touch
Let's talk
Open to Senior DevOps / SRE / Platform Engineer roles
📧
Email
sarath.k@mphasis.com
📱
Phone
+44 7767 954 270
📍
Location
United Kingdom
💼
LinkedIn
linkedin.com/in/sarath-kumar-k
🐙
GitHub
github.com/sarathk-devops
📬 How this contact form works:
Messages go through the Node.js backend API hosted on this EC2, which calls AWS SES directly using IAM role credentials (no keys in code). SES sends the email to my inbox. No third-party services — full DevOps, end to end.